Unless otherwise indicated herein, the materials described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Ubiquitous computing (ubicomp) depends heavily on wireless networking technology to support the automatic participation of many everyday objects in a computing environment. Example solutions for wireless communications for ubicomp may include wireless local area network (WLAN) technology or wireless personal area network (WPAN) technology. Related network solutions may include Bluetooth, ZigBee, WirelessHART, WiFi, MiWi, various other wireless communication solutions, and various technologies promulgated by the IEEE 802 working groups.
Security is an important concern for wireless networks, and secure operation generally requires a cryptographic key exchange between network devices. For improved security, keys may be entered into devices manually. However, it is generally understood that most users will not engage in physical key transcription or the plugging in of key tokens for every device that enters into, or pairs with, a ubicomp network. For example, manually entering a security key into a wireless mouse at the time of purchase, or worse yet every time it is used at a different computer, is not a particularly user-friendly activity. This concern multiplies as ubicomp expands. For example, a purchaser of a new kitchen might be entering security keys for blenders, refrigerators, can openers, garbage disposals, each AC power outlet, each light switch, a thermostat, a microwave oven, a coffee maker, and so on. As such, automatic wireless key exchange is almost a necessity for devices joining a ubicomp network.
For improved usability, there is an expectation that keys are simply transmitted, or broadcast, between devices during a device pairing process when a device joins the network. Unfortunately, the network will suffer a moment of vulnerability every time a device joins or rejoins the network and keys are transmitted. One example of how this vulnerability can be exploited is a remote antenna establishing a “man in the middle” attack as devices are accepted into the network. A remote attacker may also be able to force nodes to reintroduce themselves to the network and perform a new wireless key exchange. As such, a wireless ubicomp system can be made to introduce new security vulnerabilities on demand.